Thousands targeted with phishing emails after cyber attack on Greater Manchester councils
A major cyber attack on Greater Manchester councils highlights significant risks local authorities face, particularly related to supply chain vulnerabilities.
Top 5 Cyber Security Trends for 2025
The surge in ransomware and cyber attacks highlights a pressing need for improved risk management and more skilled professionals in cybersecurity.
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group utilizes a sophisticated infection chain in cyber espionage attacks, targeting employees in critical sectors with deceptive job offers.
Open source package entry points could be used for command jacking
Threat actors exploit entry points in open source packages to execute malicious commands and compromise applications.
Developers are cautioned to carefully evaluate open source packages to mitigate risks of supply chain attacks.
Supply chain attacks are still plaguing enterprises - here's why
Supply chain attacks are a prevalent threat, with organizations struggling to manage third-party exposure.
WordPress Plugin and Theme Developers Told They Must Use 2FA
Mandatory two-factor authentication for WordPress plugin and theme developers begins October 1st to bolster security against hacking attempts.
StormBamboo Compromises ISP to Spread Malware via Updates
StormBamboo, a Chinese-speaking threat actor, conducted a sophisticated cyberespionage attack by compromising an ISP and altering DNS responses to deliver malicious payloads alongside legitimate software updates.
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Three npm packages with North Korean malware were discovered, continuing a trend of targeting developers through supply chain attacks.
In the rush to build AI apps, don't leave security behind
Developers in AI need to prioritize security amidst the rush to create new products.
Supply-chain attacks can compromise AI projects by hiding malware in components.
68% of healthcare workers experienced a supply chain attack
Cybersecurity incidents significantly disrupt healthcare, impacting patient care and outcomes.
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
Evasive Panda compromised an ISP to distribute malware updates to target companies, showcasing advanced tactics.
The threat actor is linked to a new strain of macOS malware named MACMA and has a history of sophisticated cyber espionage activities.
How to Stay Safe When Updating WordPress - Speckyboy
WordPress updates are crucial for security and functionality, but manual updates are safer to avoid potential risks from supply chain attacks.
CrowdStrike 2024 Global Threat Report: 6 Key Takeaways
Identity-based attacks remain prevalent
Cloud environment intrusions up by 75% from 2022 to 2023
Third-party relationships exploited for easier attacks
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
The UK National Cyber Security Centre and Korea's National Intelligence Service have issued a warning on DPRK state-sponsored hackers targeting government organizations.
The hackers employed zero-day and n-day vulnerabilities and exploited flaws in software supply chains to carry out attacks.
The hackers used a watering hole attack and exploited vulnerabilities in a network-linked system in order to gain remote control over targeted systems.
Google's Ad Blocker Crackdown Is Growing
Google has relaxed restrictions on its Manifest V3 API, increasing the number of content-filtering rules from 5,000 to 30,000.
AdGuard welcomes some of the revised changes while uBlock Origin creates a 'lite' version of its extension in response to Manifest V3.
Microsoft has discovered North Korean hackers using sophisticated supply chain attacks, with more than 100 devices impacted so far.
CISOs are facing a 'tsunami of regulations' - here's why it's crucial they focus on quantifying cyber risk
CISOs face challenges in quantifying cyber risks for board buy-in.
384,000 sites pull code from sketchy code library recently bought by Chinese firm
Over 384,000 websites are linked to a site conducting supply-chain attacks by redirecting visitors to malicious content.
3 million iOS and macOS apps were exposed to potent supply-chain attacks
Vulnerabilities in CocoaPods' trunk server exposed iOS and macOS apps to supply-chain attacks for a decade, posing major security risks and potential data breaches.
US charges four FIN9-linked hackers after $71 million cybercrime spree
Four alleged members of the FIN9 cybercrime gang have been charged in the US for causing over $71 million in losses through phishing and supply chain attacks.
GitHub Artifact Attestations now generally available
Artifact Attestations in GitHub Actions ensure artifact integrity, enhancing security against supply chain attacks and modifications.